http://news.hitb.org/content/researc...t-card-exploit

It seems even in Germany NFC works different. The supposed UK retailer 1p fee for up to £2 spend is maybe unique to the UK. So maybe a 16c lower fee I heard quoted for the US applies to a $3 spend, just maybe making things more difficult for retailers there.

"RAMPANT: EXPLAINING THE CURRENT STATE OF APPLE PAY FRAUD"
http://www.droplabs.co/?p=1231
I noticed this Feb 22nd post early this morning and looks like media have finally seen it to run with it too.
http://www.theguardian.com/technolog...ystem-scammers

With near most credit card details seemingly stolen in the US, people piggy backing the cards into the Apple pay system and having spending sprees at bricks and mortar stores.

Its that initial authentication problem that banks might end up using as an excuse to instead, offer their own NFC cards for use in the US.

As always, criminals find ways to exploit new technology. This is just a variation of identify theft, not really a flaw in the Apple Pay system.

err, If you read it you will actually see the flaw in the Apple Pay system.

However, it is only made big because an extremely large percentage of all US card details have been stolen.

What's happened? Had Apple Pay been hacked?

Can we keep it to yes or no?

No! Banks have to authorise Credit Cards (to Apple) for use on Apple Pay. Some banks are not taking enough care in doing this.

Not a technical problem with Apple Pay!

Yeh, not Apple's problem they are likely telling the banks who they are not.

Maybe if Apple relinquished some of their so called privacy it might even help the bank out.

What are Apple keeping private that would help the banks out? Are you claiming the banks have agreed to a payment system they are not happy with?

I'm not even sure that sentence makes sense.


Spit it out - what should Apple be doing here?

As far as I can tell Apple gave the banks the option of:

1. Carrying out a thorough check when cards are added.
2. Carrying out a less thorough check when cards are added.

When the banks have been going with 2. people's details have been compromised.

And from that your conclusion is that Apple are at fault because Apple Pay isn't secure, and for making the banks liable for this.

Same problem with Google Wallet and Samsung/Loop pay. Issue at USA banks. The register explains:
http://m.theregister.co.uk/2015/03/0...plastic_fraud/

Shame everyone assumes it's a fault in Apple pay. Even the register headline, but it's worth reading the article.

The transfer of ID to the NFC that is the sticking point, and was likely a bigger problem with Android. It is all aiding ID theft.

Its strange really, in that with the US using 3rd world banking technology they stand to gain far more than us from the progress that Smartphone NFC gives.

no it isn't.

The U.S. doesn't have third world banking technology.

http://blogs.gartner.com/avivah-lita...bile-payments/

" Apple does provide the issuer with information to help inform that decision. But the bankers I spoke with at the ISMG fraud conference complained that they don’t get enough information out of ApplePay to properly support their fraud processes."

And yet I was only guessing at how we know Apple works. I've heard plenty an app dev rant on about Apple like theres no tomorrow.

"This isn’t necessarily an ApplePay problem. The responsibility ultimately lies with the card issuer who must be able to prove the ApplePay cardholder is indeed a legitimate customer with a valid card. Apple does provide the issuer with information to help inform that decision. But the bankers I spoke with at the ISMG fraud conference complained that they don’t get enough information out of ApplePay to properly support their fraud processes. If that’s the case they have the right to refuse accepting it — assuming they can get the support of their marketing colleagues."

Selective cut and paste doesn't help you.

Lets face it, Apple insists on owning the customer 100%.
It is why so many walled garden Apple services are so screwed up.

I'm sue they will relent just that tiny bit enough to make it work better, and maybe even get accepted elsewhere too.

That's never stopped him in the past...

What are you talking about. What walled garden? What Apple servces are screwed up?

Is that what your 'friends' are telling you?

I think what he is referring to is Apple's approach to certain functionality. In this case relating to "Apple Pay", Apple is in effect forcing its on version of conactless on the rest of the industry. Instead of looking at European markets where contactless is in full swing and relatively fraud free, the come up with their own version claiming to be "more secure". It took Apple 3 years to even allow MMS from their iPhones, I can only see Apple being dragged kicking and screaming into adopting industry standards.

Apple is having a challenge getting European bank/credit card providers on board its own style of contactless, and if I'm honest it will likely struggle to gain traction with the public as well. All of the banks and UK networks are beginning to get behind one universal standard for the UK, its receiving a lot of investment in both time and money, Q3 is a date being floated around. Essentially Finance and Telecoms industry wants to extend the functionality of PAYM to include contactless payments via their NFC enabled phone.

Mind you PayPal may even beat them all to it....

Contact less payment in the UK (and the rest of the world) and ApplePay are not the same thing, and Apple are using banking standards to implement its payment service.

However, thanks for the attempted explaination, but you shouldn't try and explain what AW means, most of the time he can't even do that

No again you miss my point, Apple Pay is the company's own version of contactless, they claim it to be in effect a digital wallet, which stores all of your card details. They want to become a recognised payment/merchant services offering, what they are doing isn't new at all, what is new is the way in which its done. Naturally Apple wants to get its hand in the cookie jar when transactions are made, they can coin anything between 1%-3.5% of transaction value (if compared to other payment service schemes in the UK).

I understand what Apple is doing. I don't understand your claim that Apple are trying to force a new method into the European market. Apple are using defined banking standards to execute mobile payments.

If by force, you mean first, then fine. However, anyone can introduce a similar mobile wallet system using the standards available.

Also, I assume by 'hand in the cookie jar' you mean they would like to be payed for providing a service.

To be honest, it all sounds a bit chinese whispers.

The two questions you need to answer are:

1. What information are Apple not providing banks that they need?

2. Why have banks agreed to implement Apple Pay if they are not receiving all the information they need to allow a card to be added to Apple Pay?

You are wrong! Contactless is limited to £20 currently and £30 later this year. ApplePay has no such limits - that being so its security is MUCH higher - or it would be if the Banks in the US had better procedures for ensuring that they are authorising valid credit cards in the hands of their genuine customers!

People whining that it yet another money-spinner for Apple seem to be ignoring the fact that the financial institutions seem quite content with both the system and its revenue split.

I read it that it is the BANKS who need better procedures to ensure that they only authorise Credit Cards on ApplePay when they are (more) confident that they are in the hands of the intended customers - it's hard to see how Apple could help them do this!

It certainly sounds like something that should be the responsibility of the banks, not Apple.

i.e. someone tries to add a card to Apple Pay, and the bank checks its credentials to confirm the details are valid, and the card isn't currently blocked for any reason.

And this seems like a red herring anyway - the banks have an option to carry out a less thorough or more thorough check. If they are choosing the less thorough option, that doesn't seem like Apple's fault.